Disaster coverable PKI model based on Majority Trust principle

The public key infrastructure (PKI) is an important part of almost all security implementations, from secure portals for banks and e-shops to VPN devices. In spite of its strengths, it has a critical design issue that creates a single point of failure. Once the CA (certification authority) key has been stolen, the integrity of the entire system can be undermined by bogus certificates, compromising the validity of all digital identities issued under this CA. In this paper we introduce the problem and propose a solution that distributes the trust responsibility to accredited agents. The major advantage of the proposed solution is its compatibility with classical PKI based on X.509 certificates.